Hi, I have created A and PTR nodes in the Forward and Reverse Lookup in DNS, and using dig command, I have successfully test forward and reverse lookups and they are success. But still the same error persists.
Bind Error [49]: additional info: 8009030B: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 7a, vece However through a post I went to http://msdn.microsoft.com/en-us/library/ms681382(VS.85).aspx and 0x7a corresponds to Windows error ERROR_INSUFFICIENT_BUFFER mean "The data area passed to a system call is too small". Need help. Kashif. On Aug 6, 3:29 pm, Michael Ströder <[EMAIL PROTECTED]> wrote: > Kashif Ali Siddiqui wrote: > > On Aug 5, 4:46 am, Michael Ströder <[EMAIL PROTECTED]> wrote: > >> Rich Megginson wrote: > >>> Kashif Ali Siddiqui wrote: > >>>> I am using Microsoft Server2003 SP1 Active Directory and want to do > >>>> LDAP_SASL_BIND using GSSAPI mechanism (Kerberos5). I have setup an > >>>> instance for Microsoft Server2003 and a Linux client machine with > >>>> Mozilla LDAP 6.0.4 with Cyrus SASL libraries. I have a client code > >>>> ready (code pasted in the above posting) and I am not able to get > >>>> through the BIND call. It is consistently giving me error > >>>> Bind Error [49]: Invalid credentials > >>>> Bind Error [49]: additional info: 8009030B: LdapErr: DSID-0C09043E, > >>>> comment: AcceptSecurityContext error, data 7a, vece > >>>> By the way, I have successfully kinit the user credentials and they > >>>> are fetched in the cache. Also after failed attempts of > >>>> ldap_sasl_interactive_bind (ended with above error) I am still getting > >>>> the service ticket as shown when I do klist. > >> In general for this to work you should ensure that all your system > >> clocks are in sync, all systems involved have correct DNS A and PTR RRs > >> (don't use CNAMEs), and attribute servicePrincipalName for the service > >> account is correct. > > > Can you please elaborate on this setting. Steps can be more helpful. > > Use nslookup or other DNS client tools to check whether the > name-to-address and reverse DNS entries are all present for your AD DCs. > If there's anything missing talk to you DNS admin. > > Ciao, Michael. _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
